ToolKit Item: Sandboxie by Guest Author Bo Elam

Status
Not open for further replies.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
It is a very good introduction to Sandboxie. I used Sandboxie (paid) in this way a few years ago.
The good thing about Sandboxie is that users can install the applications in a Sandboxie sandbox and make a backup copy of the sandbox. If something goes wrong, it is not necessary to install the applications again. After recovering the sandbox from the backup, all applications in it are ready to work. This also worked after the fresh installation of the new Windows version, but the Windows bitness (64-bit or 32-bit) has to be the same.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Bo's stated reason for using Sandboxie is not relevant anymore, and has not been for several years.
If you use a modern, updated browser, you don't get infected by surfing the internet anymore. That is so 2008. What year are we in now?
The advanced in-browser exploits of 2019 cannot be stopped by sandboxing, and they won't infect your system, either.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Yes, I mean flash player is phased out coming up in 2020. There goes a huge reason to use Sbie right there. OK so these "newfangled" Service Worker exploits are one thing, but wouldn't you consider Sbie a boon in case anything tries to slither out of the sandbox? Also, if you're severely limiting access to cookies, etc, isn't that inherently more secure? I want to justify its continued use, beyond the placebo effect. :emoji_pray:
 

shmu26

> Yes, I mean flash player is phased out coming up in 2020. There goes a huge reason to use Sbie right there. OK so these "newfangled" Service Worker exploits are one thing, but wouldn't you consider Sbie a boon in case anything tries to slither out of the sandbox? Also, if you're severely limiting access to cookies, etc, isn't that inherently more secure? I want to justify its continued use, beyond the placebo effect. :emoji_pray:
As far as I understand, SBIE will not stop the service worker exploits. The attacker will still get your IP, and he will still get your file path, albeit to the sandboxed location. But he will know your real user name, so the true path will be very easy to figure out.

As for things slithering out of my browser into the system, here's the rub: I use Chrome on Windows 10. That means Chrome runs in appcontainer. If I add SBIE, Chrome will no longer run in appcontainer. So all I did was give up one sandbox for another sandbox.

I can run Chrome in ReHIPS isolation, if I want --- then Chrome is still in appcontainer. That way, I gain security.

SBIE improves the security of Firefox, though. Not that you really need it.
 

bjm_

Level 15
Thread author
Verified
Top Poster
Well-known
May 17, 2015
705
Like I said, the old-style browser exploits he is talking about are gone. Unless you are using Internet Explorer and you are a high-value target.
I'm curious where Bo stated:
> Bo's stated reason for using Sandboxie is not relevant anymore, and has not been for several years.
 

shmu26

> I'm curious where Bo stated:
Bo's words: "I thought, “If I am going to use the internet, I am going to get infected and there’s nothing I can do about it.” The effect of using Sandboxie has been huge on the quality of my computing experience. After I became a Sandboxie user, infections went away completely. I haven’t had an infection since the day I became a Sandboxie user.

So, how did I become a Sandboxie user? One day late in 2008 during a browsing session, I was hit by malware (a rootkit). "

That's it right there.

You can't get hit by malware during a browsing session unless your browser is exploited. And this just doesn't happen anymore. The worst thing that could happen is a drive-by download. But you need to manually run the downloaded file, it doesn't run by itself. And there are plenty of default/deny solutions these days that can protect you from the silly mistake of running a drive-by download. You don't need SBIE for that. If you are smart enough to use SBIE, you are smart enough not to blindly click on a file you didn't want in the first place, but was forced upon you. And if you happen to be drunk or high, your default/deny solution will protect you.
 

shmu26

> @shmu26, you consider Chrome appcontainer better than Sandboxie
This question was debated to death on the other forum. The conclusion I came away with is that appcontainer isolates the browser at least as well as SBIE at default settings. But if you tweak the SBIE settings, you can get protections that appcontainer doesn't have.
 

bjm_

Bo wrote:
> If I am going to use the internet, I am going to get infected and there’s nothing I can do about it. The effect of using Sandboxie has been huge on the quality of my computing experience. After I became a Sandboxie user, infections went away completely. I haven’t had an infection since the day I became a Sandboxie user.
Reads to my ear like the AV user writing "I have not been infected since running my favored AV".
Reads to my ear like a loyal n' enthusiastic user expressing their personal experience.
Okay by my thinking.

I'll head scratch re:
> Bo's stated reason for using Sandboxie is not relevant anymore, and has not been for several years.

shmu26 wrote:
> You can't get hit by malware during a browsing session unless your browser is exploited. And this just doesn't happen anymore. The worst thing that could happen is a drive-by download. But you need to manually run the downloaded file, it doesn't run by itself. And there are plenty of default/deny solutions these days that can protect you from the mistake of running a drive-by download. You don't need SBIE for that.
> I can run Chrome in ReHIPS isolation, if I want --- then Chrome is still in appcontainer. That way, I gain security.
> SBIE improves the security of Firefox, though. Not that you really need it.
I hear you and feel your comments re browsing are interesting n' enlightening,
Respectfully, re SBIE....don't like, don't need, don't trust, don't want ....don't run.

Regards w Respect
 

shmu26

> Bo wrote:
>
> Reads to my ear like the AV user writing "I have not been infected since running my favored AV".
> Reads to my ear like a loyal n' enthusiastic user expressing their personal experience.
> Okay by my thinking.
>
> I'll head scratch re:
>
> shmu26 wrote:
>
> Respectfully, don't like, don't need, don't trust, don't want ....don't run.
>
> Regards w Respect
I do like SBIE, but for apps that are commonly exploited, such as MS Office. It's good for that. Unfortunately, some people are still paranoid about browser exploits, even though attack by dinosaur is more likely.
 

bjm_

> I do like SBIE, but for apps that are commonly exploited, such as MS Office. It's good for that. Unfortunately, some people are still paranoid about browser exploits, even though attack by dinosaur is more likely.
I've run browser sandboxes for so long that I feel naked sans Sandboxie.

https://threatpost.com/zero-day-exploit-microsoft/142327/
 

shmu26

The article has a catchy title, but if you read a little bit, you come to the line: "The flaw allows attackers to hide exploits in weaponized Word documents "
This is where SBIE is really good. If you sandbox your Office apps, you will be protected from this kind of exploit. I very much admire SBIE for this. But I don't feel the need to protect my browser with it, because I feel like I am setting out traps for dinosaurs.
 

bjm_

> The article has a catchy title, but if you read a little bit, you come to the line: "The flaw allows attackers to hide exploits in weaponized Word documents "
> This is where SBIE is really good. If you sandbox your Office apps, you will be protected from this kind of exploit. I very much admire SBIE for this. But I don't feel the need to protect my browser with it, because I feel like I am setting out traps for dinosaurs.
Okay, now I'm gathering understanding. Thanks
 

broughie

Level 2
Verified
Sep 11, 2013
87
I had ransomware lock my PC while in Chrome not long ago, usual message: machine locked, files encrypted. Luckily I was in Sandboxie; came out, rebooted, ransomware gone. I'm sure the browser alone wouldn't have protected. Cruel Sister asserted that Sandboxie protects against ransomware, and several internet tests show that to be true. I'll stick with Sandboxie, enough said.
 

shmu26

> I had ransomware lock my PC while in Chrome not long ago, usual message: machine locked, files encrypted. Luckily I was in Sandboxie; came out, rebooted, ransomware gone. I'm sure the browser alone wouldn't have protected. Cruel Sister asserted that Sandboxie protects against ransomware, and several internet tests show that to be true. I'll stick with Sandboxie, enough said.
If you run a file downloaded in unsandboxed Chrome, and it is ransomware, your files will get encrypted. But that is not because of Chrome. It is because you ran the file.

If you run the malicious file in sandboxed Chrome, you will be protected from some effects of the attack. There will be no changes made to your file system, but your private info could still be stolen.

If you have a default/deny setup, you will be protected from all negative effects, because the attack will be completely blocked, not just sandboxed.
 